Self-signed certificate for SSL/TLS

If your Home Assistant instance is only accessible from your local network you can still protect the communication between your browsers and the frontend with SSL/TLS.
Let’s encrypt will only work if you have a DNS entry and remote access is allowed.
The solution is to use a self-signed certificate. As you most likely don’t have a certification authority (CA) your browser will complain about the security. If you have a CA then this will not be an issue.

To create a certificate locally, you need the OpenSSL command-line tool.

Change to your Home Assistant configuration directory like ~/.homeassistant. This will make it easier to backup your certificate and the key. Run the command shown below.

The certificate must be .pem extension.

If you are going to use this certificate with the iOS app, you need to ensure you complete all fields during the certificate creation process, then:

Send only the certificate.pem file to the iOS device, using airdrop or other transfer method.

Open the .pem file on the iOS device, follow the prompts to trust and install it.